1820 matches found
FreeBSD : Asterisk -- multiple vulnerabilities (3c7d565a-6c64-11e0-813a-6c626dd55a41)
The Asterisk Development Team reports : It is possible for a user of the Asterisk Manager Interface to bypass a security check and execute shell commands when they should not have that ability. Sending the 'Async' header with the 'Application' header during an Originate action, allows authenticat...
[USN-1115-1] language-selector vulnerability
========================================================================== Ubuntu Security Notice USN-1115-1 April 19, 2011 language-selector vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
Asterisk -- multiple vulnerabilities
The Asterisk Development Team reports: It is possible for a user of the Asterisk Manager Interface to bypass a security check and execute shell commands when they should not have that ability. Sending the "Async" header with the "Application" header during an Originate action, allows authenticate...
USN-1115-1: language-selector vulnerability
Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation...
Multi Gather Run Shell Command Resource File
This module will read shell commands from a resource file and execute the commands in the specified Meterpreter or shell session. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather Ru...
Debian Security Advisory DSA 2182-1 (logwatch)
The remote host is missing an update to logwatch announced via advisory DSA 2182-1. OpenVAS Vulnerability Test $Id: deb21821.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2182-1 logwatch Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
Debian: Security Advisory (DSA-2182-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
rubygem-mail -- Remote Arbitrary Shell Command Injection Vulnerability
Secunia reports: Input passed via an email from address is not properly sanitised in the "deliver" function lib/mail/network/deliverymethods/sendmail.rb before being used as a command line argument. This can be exploited to inject arbitrary shell commands...
Mitel Audio and Web Conferencing (AWC) Remote Arbitrary Shell Command Injection Vulnerability
Mitel Audio and Web Conferencing AWC is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application. OpenVAS...
Mitel Audio and Web Conferencing (AWC) RCE Vulnerability (Jan 2011)
Mitel Audio and Web Conferencing AWC is prone to a remote command injection vulnerability because it fails to adequately sanitize user-supplied input data. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Mitel Audio and Web Conferencing (AWC) - Arbitrary Shell Command Injection
Mitel Audio and Web Conferencing AWC - Arbitrary Shell Command Injection source: https://www.securityfocus.com/bid/45537/info Mitel Audio and Web Conferencing AWC is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attacker...
Mitel Audio and Web Conferencing (AWC) - Arbitrary Shell Command Injection
source: https://www.securityfocus.com/bid/45537/info Mitel Audio and Web Conferencing AWC is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the...
AWStats 6.x - Apache Tomcat Configuration File Arbitrary Command Execution
AWStats 6.x - Apache Tomcat Configuration File Arbitrary Command Execution source: https://www.securityfocus.com/bid/45123/info Awstats is prone to an arbitrary command-execution vulnerability. This issue occurs when Awstats is used along with Apache Tomcat in Microsoft Windows. An attacker can...
phpThumb 'fltr[]' Parameter Command Injection Vulnerability
The host is running phpThumb and is prone to command injection vulnerability. OpenVAS Vulnerability Test $Id: gbphpthumbcmdinjvuln.nasl 5373 2017-02-20 16:27:48Z teissa $ phpThumb 'fltr' Parameter Command Injection Vulnerability Authors: Sooraj KS Updated from version check to active exploit by...
Joomla Camp26 VisitorData Module Shell Command Injection Vulnerability
No description provided by source. A vulnerability has been discovered in the Camp26 VisitorData module for Joomla, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "X-Forwarded-For" HTTP header is not properly sanitised before being used as a...
DSA-2021-2 spamass-milter - regression fix
Bulletin has no description...
OpenSSH X Connections Session Hijacking Vulnerability
OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections. Successfully exploiting this issue may allow an attacker run arbitrary shell commands with the privileges of the user running the affected application. This issue affects OpenSSH 4.3p2; other versions may...
OpenSSH X Connections Session Hijacking Vulnerability
OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...
DSA-2021-1 spamass-milter - remote command execution
Bulletin has no description...
SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability
SpamAssassin Milter Plugin is prone to a remote command- injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with root privileges. SpamAssassin Milter Plugin 0.3.1 is affected; other...